Product Documentation

VMware virtualization environments

May 10, 2016

Follow this guidance if you use VMware to provide virtual machines.

Install and configure your hypervisor

  1. Install vCenter Server and the appropriate management tools. (No support is provided for vSphere vCenter Linked Mode operation.)
  2. Create a VMware user account with the following permissions, at the DataCenter level, at a minimum. This account has permissions to create new VMs and is used to communicate with vCenter.

    SDK

    User Interface

    Datastore.AllocateSpace

    Datastore > Allocate space

    Datastore.Browse

    Datastore > Browse datastore

    Datastore.FileManagement

    Datastore > Low level file operations

    Network.Assign

    Network > Assign network

    Resource.AssignVMToPool

    Resource > Assign virtual machine to resource pool

    System.Anonymous, System.Read, and System.View

    Added automatically.

    Task.Create

    Tasks > Create task

    VirtualMachine.Config.AddRemoveDevice

    Virtual machine > Configuration > Add or remove device

    VirtualMachine.Config.AddExistingDisk

    Virtual machine > Configuration > Add existing disk

    VirtualMachine.Config.AddNewDisk

    Virtual machine > Configuration > Add new disk

    VirtualMachine.Config.AdvancedConfig

    Virtual machine > Configuration > Advanced

    VirtualMachine.Config.CPUCount

    Virtual machine > Configuration > Change CPU Count

    VirtualMachine.Config.Memory

    Virtual machine > Configuration > Memory

    VirtualMachine.Config.RemoveDisk

    Virtual machine > Configuration > Remove disk

    VirtualMachine.Config.Resource

    Virtual machine > Configuration > Change resource

    VirtualMachine.Config.Settings

    Virtual machine > Configuration > Settings

    VirtualMachine.Interact.PowerOff

    Virtual machine > Interaction > Power Off

    VirtualMachine.Interact.PowerOn

    Virtual machine > Interaction > Power On

    VirtualMachine.Interact.Reset

    Virtual machine > Interaction > Reset

    VirtualMachine.Interact.Suspend

    Virtual machine > Interaction > Suspend

    VirtualMachine.Inventory.Create

    Virtual machine > Inventory > Create new

    VirtualMachine.Inventory.CreateFromExisting

    Virtual machine > Inventory > Create from existing

    VirtualMachine.Inventory.Delete

    Virtual machine > Inventory > Remove

    VirtualMachine.Inventory.Register

    Virtual machine > Inventory > Register

    VirtualMachine.Provisioning.Clone

     

    VirtualMachine.Provisioning.CloneTemplate

    Virtual machine > Provisioning > Clone virtual machine

    Virtual machine > Provisioning > Clone template

    VirtualMachine.Provisioning.DiskRandomAccess

    Virtual machine > Provisioning > Allow disk access

    VirtualMachine.Provisioning.GetVmFiles

    Virtual machine > Provisioning > Allow virtual machine download

    VirtualMachine.Provisioning.PutVmFiles

    Virtual machine > Provisioning > Allow virtual machine files upload

    VirtualMachine.Provisioning.DeployTemplate

    Virtual machine > Provisioning > Deploy template

    VirtualMachine.Provisioning.MarkAsVM

    Virtual machine > Provisioning > Mark as virtual machine

    VirtualMachine.State.CreateSnapshot

    vSphere 5.0, Update 2 and vSphere 5.1, Update 1: Virtual machine > State > Create snapshot

    vSphere 5.5: Virtual machine > Snapshot management > Create snapshot

    VirtualMachine.State.RemoveSnapshot

    vSphere 5.0, Update 2 and vSphere 5.1, Update 1: Virtual machine > State > Remove snapshot

    vSphere 5.5: Virtual machine > Snapshot management > Remove snapshot

    VirtualMachine.State.RevertToSnapshot

    vSphere 5.0, Update 2 and vSphere 5.1, Update 1: Virtual machine > State > Revert to snapshot

    vSphere 5.5: Virtual machine > Snapshot management > Revert to snapshot

  3. If you want the VMs you create to be tagged, add the following permissions for the user account:
    SDK User Interface

    Global.ManageCustomFields

    Global > Manage custom attributes

    Global.SetCustomField

    Global > Set custom attribute

    To ensure that you use a clean base image for creating new VMs, tag VMs created with Machine Creation Services to exclude them from the list of VMs available to use as base images.

Obtain and import a certificate

To protect vSphere communications, Citrix recommends that you use HTTPS rather than HTTP. HTTPS requires digital certificates. Citrix recommends you use a digital certificate issued from a certificate authority in accordance with your organization's security policy.

If you are unable to use a digital certificate issued from a certificate authority, and your organization's security policy permits it, you can use the VMware-installed self-signed certificate. Add the VMware vCenter certificate to each Controller. Follow this procedure:
  1. Add the fully qualified domain name (FQDN) of the computer running vCenter Server to the hosts file on that server, located at %SystemRoot%/WINDOWS/system32/Drivers/etc/. This step is required only if the FQDN of the computer running vCenter Server is not already present in the domain name system.
  2. Obtain the vCenter certificate using any of the following methods:
    • From the vCenter server:
      1. Copy the file rui.crt from the vCenter server to a location accessible on your Delivery Controllers.
      2. On the Controller, navigate to the location of the exported certificate and open the rui.crt file.
    • Download the certificate using a web browser. If you are using Internet Explorer, depending on your user account, you may need to right-click on Internet Explorer and choose Run as Administrator to download or install the certificate.
      1. Open your web browser and make a secure web connection to the vCenter server; for example https://server1.domain1.com
      2. Accept the security warnings.
      3. Click on the address bar where it shows the certificate error.
      4. View the certificate and click on the Details tab.
      5. Select Copy to file and export in .CER format, providing a name when prompted to do so.
      6. Save the exported certificate.
      7. Navigate to the location of the exported certificate and open the .CER file.
    • Import directly from Internet Explorer running as an administrator:
      1. Open your web browser and make a secure web connection to the vCenter server; for example https://server1.domain1.com.
      2. Accept the security warnings.
      3. Click on the address bar where it shows the certificate error.
      4. View the certificate.
    • Import the certificate into the certificate store on each of your Controllers:
      1. Click Install certificate, select Local Machine, and then click Next.
      2. Select Place all certificates in the following store, and then click Browse.
      3. If you are using Windows Server 2008 R2:
        1. Select the Show physical stores check box.
        2. Expand Trusted People.
        3. Select Local Computer.
        4. Click Next, then click Finish.
        If you are using Windows Server 2012 or Windows Server 2012 R2:
        1. Select Trusted People, then click OK.
        2. Click Next, then click Finish.
    Important: If you change the name of the vSphere server after installation, you must generate a new self-signed certificate on that server before importing the new certificate.

Create a master VM

Use a master VM to provide user desktops and applications. On your hypervisor:
  1. Install a VDA on the master VM, selecting the option to optimize the desktop, which improves performance.
  2. Take a snapshot of the master VM to use as a back-up. 

Create virtual desktops

If you are using Studio to create VMs, rather than selecting an existing Machine Catalog, specify the following information when setting up your hosting infrastructure to create virtual desktops.
  1. Select the VMware vSphere host type.
  2. Enter the address of the access point for the vCenter SDK.
  3. Enter the credentials for the VMware user account you set up earlier that has permissions to create new VMs. Specify the username in the form domain/username.